Open banking is a new way to make your money work harder. It’s secure, it’s quick, it’s convenient – and over 9 million businesses and consumers in the UK already use it.

Apps and services are regulated by the Financial Conduct Authority, which oversees UK financial services firms and markets, or a European equivalent.

This means companies have to follow strict rules and stringent standards to keep your data secure.



Open banking is built on the secure systems already used by familiar high street banks and new fintech firms.

You may even be using it already to pay utilities and tax bills, to help manage your money, or to find financial products or services that suit you better.

With open banking, you’re never asked to share security details. You’ll be asked to authenticate your details using a combination of a password or PIN, fingerprint or facial recognition, and a mobile phone message or card-reader.

It’s linked to your bank

Open banking is done via secure Application Programming Interfaces (APIs), and you access services in the same way as your online banking and other online services and apps.

It offers new ways to manage your money, with reliable security and counter-fraud controls.

If you’re paying by open banking, it’s sometimes referred to as ‘Pay by link’, ‘Bank Pay’, ‘Pay with Bank Transfer’, or ’Instant bank transfer’.


Security in action

Consumers can securely connect budgeting apps to their bank accounts – encryption keeps your data safe.

Businesses can securely connect bank data to their accounting platform – and spend less time on admin.

You’re in control

You choose which apps and websites you want to use – so you’re always in charge. You decide what information that firm can access, and for how long. No one gets access unless you say so. 

Changed your mind? It’s just as easy to withdraw your consent so open banking apps and services can no longer access your data or make payments on your behalf.


It’s a familiar way to share information

Open banking APIs are commonly used to share information between services. Logging in to a website via Facebook? That’s done via APIs. Uber pinpointing location on a map? That’s Google Maps’ API at work.

Less data. More security.

Forget handing over piles of sensitive financial information to apply for accounts. With open banking, you share the minimum data necessary for the product or service you want to use through a secure digital process.


We answer some common questions below. You can also find out more about open banking from independent organisations such as MoneyHelperWhich? and Money Saving Expert.

Our open banking glossary also helps explain some of the more technical terms

How do I know open banking is safe?

Open banking has been designed with security at its heart – here’s how:

Bank-level security – open banking uses rigorously tested software and security systems (the Open Banking API security profile is based on Financial Grade API (FAPI) specifications). You’ll never be asked to give access to your bank login details, PINs or passwords to anyone other than your own bank or building society.

It’s regulated – only apps and websites provided by firms which are regulated by the FCA or a European National Competent Authority can enrol in our Open Banking Directory.

You’re in charge – you choose when, with whom, and for how long you give access to your data.

Extra protection – your bank or building society will normally refund your money if unauthorised payments are made. You’re also protected by data protection laws, and you can make a complaint to the Financial Ombudsman Service as well.

How does regulation or legislation protect open banking customers?

To enrol in our Open Banking Directory, providers have to be authorised or registered with the FCA and comply with the Payment Services Regulations 2017 which contain strict requirements around the sharing of data, secure methods of communication and customer identification.

You should always ensure that the app or website you are using to make open banking payments is operated by a regulated firm. If it is regulated, you are protected.

You can find out more, and check if a firm which provides an app or website is regulated, by searching on our regulated providers page, or by checking the FCA register, or (for European apps and websites) the registers of the FCA’s European equivalents.

How can I stay safe online?

Open banking uses secure technology. Here are a few more steps you can take to stay extra safe online:

Check if it’s regulated – see if the firm that provides the app or website is listed on our regulated providers page, the FCA register, or with a similar European National Competent Authority.

Read the small print – always read the terms and conditions before you agree to give a firm access to your data.

Check your bank account – if you see something that doesn’t look right, contact your bank or building society straight away.

Find out more – the FCA website has tips on protecting yourself online, as do the Take 5 Campaign and Action Fraud website.

How do I control who has access to my information?

You choose which apps and websites you want to use – so you’re always in charge. You decide what information they can access, and for how long. No one gets access unless you say so.

Which organisations offer open banking as a way to pay?

A growing number of businesses and public sector organisations now include open banking as a payment option.

For example, HMRC offers it as a way to pay self-assessment tax, corporation tax, VAT and other taxes. You may have seen it on your self-assessment form as ‘Pay by bank account (new)’. You can see how it works here.

Some energy providers, water companies, and local authorities also offer it as an option to pay your bill. You can even use open banking when you buy or sell a car.

When you make a payment by open banking, it’s sometimes referred to as ‘Pay by link’, ‘Bank Pay’, ‘Pay with Bank Transfer’, or ’Instant bank transfer’.

When I share my banking data via open banking, what information will companies be able to see?

The data you share may include the following:

·  account details such as the balance and name on the account.

·  regular payment details, such as who you’re paying, Direct Debits, and standing orders

·  transactions such as incoming and outgoing payments from your current account.

You should only share the minimum amount of data needed to access the product or service you want to use.

You’ll never be asked to share your bank login details or password to anyone other than your own bank or building society.

What is Strong Customer Authentication?

Strong Customer Authentication (SCA) is a way for your bank or payment provider to verify your identity when you make an electronic payment or access an account online. It aims to provide additional layers of security and help prevent fraud.

Your identity must be authenticated by at least two of the following:

·  Something only you know, like a password or PIN.

·  Something only you possess, such as a card-reader or mobile phone.

·  Something unique to you personally, such as facial or fingerprint scan.

Your bank/payment provider is required to apply SCA under the Payment Services Regulations 2017.